
Example 6 with EncryptionMethod

Use of org.apache.nifi.security.util.EncryptionMethod in project nifi by apache.

In class EncryptContent, method customValidate.

@Override
protected Collection<ValidationResult> customValidate(final ValidationContext context) {
    final List<ValidationResult> validationResults = new ArrayList<>(super.customValidate(context));
    final String methodValue = context.getProperty(ENCRYPTION_ALGORITHM).getValue();
    final EncryptionMethod encryptionMethod = EncryptionMethod.valueOf(methodValue);
    final String algorithm = encryptionMethod.getAlgorithm();
    final String password = context.getProperty(PASSWORD).getValue();
    final KeyDerivationFunction kdf = KeyDerivationFunction.valueOf(context.getProperty(KEY_DERIVATION_FUNCTION).getValue());
    final String keyHex = context.getProperty(RAW_KEY_HEX).getValue();
    if (isPGPAlgorithm(algorithm)) {
        final boolean encrypt = context.getProperty(MODE).getValue().equalsIgnoreCase(ENCRYPT_MODE);
        final String publicKeyring = context.getProperty(PUBLIC_KEYRING).getValue();
        final String publicUserId = context.getProperty(PUBLIC_KEY_USERID).getValue();
        final String privateKeyring = context.getProperty(PRIVATE_KEYRING).getValue();
        final String privateKeyringPassphrase = context.getProperty(PRIVATE_KEYRING_PASSPHRASE).evaluateAttributeExpressions().getValue();
        validationResults.addAll(validatePGP(encryptionMethod, password, encrypt, publicKeyring, publicUserId, privateKeyring, privateKeyringPassphrase));
    } else {
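        // Not PGP: either a keyed cipher (raw hex key) or password-based encryption (PBE)
        if (encryptionMethod.isKeyedCipher()) {
            // Raw key: validate the hex-encoded key read from RAW_KEY_HEX
            validationResults.addAll(validateKeyed(encryptionMethod, kdf, keyHex));
        } else {
            // PBE: validate the password and KDF; the ALLOW_WEAK_CRYPTO setting is passed through to validatePBE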
            boolean allowWeakCrypto = context.getProperty(ALLOW_WEAK_CRYPTO).getValue().equalsIgnoreCase(WEAK_CRYPTO_ALLOWED_NAME);
            validationResults.addAll(validatePBE(encryptionMethod, kdf, password, allowWeakCrypto));
        }
    }
    return validationResults;
}
Also used : KeyDerivationFunction(org.apache.nifi.security.util.KeyDerivationFunction) ArrayList(java.util.ArrayList) EncryptionMethod(org.apache.nifi.security.util.EncryptionMethod) ValidationResult(org.apache.nifi.components.ValidationResult)

Example 7 with EncryptionMethod

Use of org.apache.nifi.security.util.EncryptionMethod in project nifi by apache.

In class EncryptContent, method buildEncryptionMethodAllowableValues.

private static AllowableValue[] buildEncryptionMethodAllowableValues() {
    final EncryptionMethod[] encryptionMethods = EncryptionMethod.values();
    List<AllowableValue> allowableValues = new ArrayList<>(encryptionMethods.length);
    for (EncryptionMethod em : encryptionMethods) {
        allowableValues.add(new AllowableValue(em.name(), em.name(), em.toString()));
    }
    return allowableValues.toArray(new AllowableValue[0]);
}
Also used : AllowableValue(org.apache.nifi.components.AllowableValue) ArrayList(java.util.ArrayList) EncryptionMethod(org.apache.nifi.security.util.EncryptionMethod)

Example 8 with EncryptionMethod

Use of org.apache.nifi.security.util.EncryptionMethod in project nifi by apache.

In class TestEncryptContent, method testShouldDecryptOpenSSLRawSalted.

@Test
public void testShouldDecryptOpenSSLRawSalted() throws IOException {
    // Arrange
    Assume.assumeTrue("Test is being skipped due to this JVM lacking JCE Unlimited Strength Jurisdiction Policy file.", PasswordBasedEncryptor.supportsUnlimitedStrength());
    final TestRunner testRunner = TestRunners.newTestRunner(new EncryptContent());
    final String password = "thisIsABadPassword";
    final EncryptionMethod method = EncryptionMethod.MD5_256AES;
    final KeyDerivationFunction kdf = KeyDerivationFunction.OPENSSL_EVP_BYTES_TO_KEY;
    testRunner.setProperty(EncryptContent.PASSWORD, password);
    testRunner.setProperty(EncryptContent.KEY_DERIVATION_FUNCTION, kdf.name());
    testRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, method.name());
    testRunner.setProperty(EncryptContent.MODE, EncryptContent.DECRYPT_MODE);
    // Act
    testRunner.enqueue(Paths.get("src/test/resources/TestEncryptContent/salted_raw.enc"));
    testRunner.clearTransferState();
    testRunner.run();
    // Assert
    testRunner.assertAllFlowFilesTransferred(EncryptContent.REL_SUCCESS, 1);
    testRunner.assertQueueEmpty();
    MockFlowFile flowFile = testRunner.getFlowFilesForRelationship(EncryptContent.REL_SUCCESS).get(0);
    logger.info("Decrypted contents (hex): {}", Hex.encodeHexString(flowFile.toByteArray()));
    logger.info("Decrypted contents: {}", new String(flowFile.toByteArray(), "UTF-8"));
    // Assert the decrypted content matches the known plaintext
    flowFile.assertContentEquals(new File("src/test/resources/TestEncryptContent/plain.txt"));
}
Also used : MockFlowFile(org.apache.nifi.util.MockFlowFile) KeyDerivationFunction(org.apache.nifi.security.util.KeyDerivationFunction) TestRunner(org.apache.nifi.util.TestRunner) EncryptionMethod(org.apache.nifi.security.util.EncryptionMethod) File(java.io.File) Test(org.junit.Test)

Example 9 with EncryptionMethod

Use of org.apache.nifi.security.util.EncryptionMethod in project nifi by apache.

In class TestEncryptContent, method testValidation.

@Test
public void testValidation() {
    final TestRunner runner = TestRunners.newTestRunner(EncryptContent.class);
    Collection<ValidationResult> results;
    MockProcessContext pc;
    // Default configuration: no password is set, so validation must report exactly one error
    runner.enqueue(new byte[0]);
    pc = (MockProcessContext) runner.getProcessContext();
    results = pc.validate();
    Assert.assertEquals(results.toString(), 1, results.size());
    for (final ValidationResult vr : results) {
        Assert.assertTrue(vr.toString().contains(EncryptContent.PASSWORD.getDisplayName() + " is required when using algorithm"));
    }
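    // Long password with MD5_128AES: rejected only when the JVM lacks the JCE Unlimited Strength policy files
    runner.enqueue(new byte[0]);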
    final EncryptionMethod encryptionMethod = EncryptionMethod.MD5_128AES;
    runner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, encryptionMethod.name());
    runner.setProperty(EncryptContent.KEY_DERIVATION_FUNCTION, KeyDerivationFunction.NIFI_LEGACY.name());
    runner.setProperty(EncryptContent.PASSWORD, "ThisIsAPasswordThatIsLongerThanSixteenCharacters");
    pc = (MockProcessContext) runner.getProcessContext();
    results = pc.validate();
    if (!PasswordBasedEncryptor.supportsUnlimitedStrength()) {
        logger.info(results.toString());
        Assert.assertEquals(1, results.size());
        for (final ValidationResult vr : results) {
            Assert.assertTrue("Did not successfully catch validation error of a long password in a non-JCE Unlimited Strength environment", vr.toString().contains("Password length greater than " + CipherUtility.getMaximumPasswordLengthForAlgorithmOnLimitedStrengthCrypto(encryptionMethod) + " characters is not supported by this JVM due to lacking JCE Unlimited Strength Jurisdiction Policy files."));
        }
    } else {
        Assert.assertEquals(results.toString(), 0, results.size());
    }
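    // PGP encryption without a password: a public keyring alone is not enough, the user ID is also required
    runner.removeProperty(EncryptContent.PASSWORD);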
    runner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, EncryptionMethod.PGP.name());
    runner.setProperty(EncryptContent.PUBLIC_KEYRING, "src/test/resources/TestEncryptContent/text.txt");
    runner.enqueue(new byte[0]);
    pc = (MockProcessContext) runner.getProcessContext();
    results = pc.validate();
    Assert.assertEquals(1, results.size());
    for (final ValidationResult vr : results) {
        Assert.assertTrue(vr.toString().contains(" encryption without a " + EncryptContent.PASSWORD.getDisplayName() + " requires both " + EncryptContent.PUBLIC_KEYRING.getDisplayName() + " and " + EncryptContent.PUBLIC_KEY_USERID.getDisplayName()));
    }
    // Legacy tests moved to individual tests to comply with new library
    // TODO: Move secring tests out to individual as well
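    // PGP decryption without a password: a private keyring alone is not enough, the passphrase is also required
    runner.removeProperty(EncryptContent.PUBLIC_KEYRING);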
    runner.removeProperty(EncryptContent.PUBLIC_KEY_USERID);
    runner.setProperty(EncryptContent.MODE, EncryptContent.DECRYPT_MODE);
    runner.setProperty(EncryptContent.PRIVATE_KEYRING, "src/test/resources/TestEncryptContent/secring.gpg");
    runner.enqueue(new byte[0]);
    pc = (MockProcessContext) runner.getProcessContext();
    results = pc.validate();
    Assert.assertEquals(1, results.size());
    for (final ValidationResult vr : results) {
        Assert.assertTrue(vr.toString().contains(" decryption without a " + EncryptContent.PASSWORD.getDisplayName() + " requires both " + EncryptContent.PRIVATE_KEYRING.getDisplayName() + " and " + EncryptContent.PRIVATE_KEYRING_PASSPHRASE.getDisplayName()));
    }
    // A passphrase that does not open the private keyring must fail validation
    runner.setProperty(EncryptContent.PRIVATE_KEYRING_PASSPHRASE, "PASSWORD");
    runner.enqueue(new byte[0]);
    pc = (MockProcessContext) runner.getProcessContext();
    results = pc.validate();
    Assert.assertEquals(1, results.size());
    for (final ValidationResult vr : results) {
        Assert.assertTrue(vr.toString().contains(" could not be opened with the provided " + EncryptContent.PRIVATE_KEYRING_PASSPHRASE.getDisplayName()));
    }
}
Also used : TestRunner(org.apache.nifi.util.TestRunner) EncryptionMethod(org.apache.nifi.security.util.EncryptionMethod) ValidationResult(org.apache.nifi.components.ValidationResult) MockProcessContext(org.apache.nifi.util.MockProcessContext) Test(org.junit.Test)

Example 10 with EncryptionMethod

Use of org.apache.nifi.security.util.EncryptionMethod in project nifi by apache.

In class TestEncryptContent, method testShouldDecryptOpenSSLRawUnsalted.

@Test
public void testShouldDecryptOpenSSLRawUnsalted() throws IOException {
    // Arrange
    Assume.assumeTrue("Test is being skipped due to this JVM lacking JCE Unlimited Strength Jurisdiction Policy file.", PasswordBasedEncryptor.supportsUnlimitedStrength());
    final TestRunner testRunner = TestRunners.newTestRunner(new EncryptContent());
    final String password = "thisIsABadPassword";
    final EncryptionMethod method = EncryptionMethod.MD5_256AES;
    final KeyDerivationFunction kdf = KeyDerivationFunction.OPENSSL_EVP_BYTES_TO_KEY;
    testRunner.setProperty(EncryptContent.PASSWORD, password);
    testRunner.setProperty(EncryptContent.KEY_DERIVATION_FUNCTION, kdf.name());
    testRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, method.name());
    testRunner.setProperty(EncryptContent.MODE, EncryptContent.DECRYPT_MODE);
    // Act
    testRunner.enqueue(Paths.get("src/test/resources/TestEncryptContent/unsalted_raw.enc"));
    testRunner.clearTransferState();
    testRunner.run();
    // Assert
    testRunner.assertAllFlowFilesTransferred(EncryptContent.REL_SUCCESS, 1);
    testRunner.assertQueueEmpty();
    MockFlowFile flowFile = testRunner.getFlowFilesForRelationship(EncryptContent.REL_SUCCESS).get(0);
    logger.info("Decrypted contents (hex): {}", Hex.encodeHexString(flowFile.toByteArray()));
    logger.info("Decrypted contents: {}", new String(flowFile.toByteArray(), "UTF-8"));
    // Assert the decrypted content matches the known plaintext
    flowFile.assertContentEquals(new File("src/test/resources/TestEncryptContent/plain.txt"));
}
Also used : MockFlowFile(org.apache.nifi.util.MockFlowFile) KeyDerivationFunction(org.apache.nifi.security.util.KeyDerivationFunction) TestRunner(org.apache.nifi.util.TestRunner) EncryptionMethod(org.apache.nifi.security.util.EncryptionMethod) File(java.io.File) Test(org.junit.Test)

Aggregations

EncryptionMethod (org.apache.nifi.security.util.EncryptionMethod): 10
KeyDerivationFunction (org.apache.nifi.security.util.KeyDerivationFunction): 4
TestRunner (org.apache.nifi.util.TestRunner): 4
Test (org.junit.Test): 4
File (java.io.File): 3
Cipher (javax.crypto.Cipher): 3
DecoderException (org.apache.commons.codec.DecoderException): 3
MockFlowFile (org.apache.nifi.util.MockFlowFile): 3
ArrayList (java.util.ArrayList): 2
ValidationResult (org.apache.nifi.components.ValidationResult): 2
PBECipherProvider (org.apache.nifi.security.util.crypto.PBECipherProvider): 2
IOException (java.io.IOException): 1
KeyManagementException (java.security.KeyManagementException): 1
BadPaddingException (javax.crypto.BadPaddingException): 1
IllegalBlockSizeException (javax.crypto.IllegalBlockSizeException): 1
AllowableValue (org.apache.nifi.components.AllowableValue): 1
FlowFile (org.apache.nifi.flowfile.FlowFile): 1
ComponentLog (org.apache.nifi.logging.ComponentLog): 1
ProcessException (org.apache.nifi.processor.exception.ProcessException): 1
StreamCallback (org.apache.nifi.processor.io.StreamCallback): 1